Computer and Network Security
Final Exam (A), 2003
Dr. Ron Rymon

Time: 2 hours and 30 minutes, plus 30 minutes extension.
No Additional Material is Allowed

Part A. Explain briefly the following 6 terms (4 points each):

1. CBC
2. Identity Management
3. 3DES
4. Steganography
5. Something-you-possess
6. Social engineering

Part B. Answer 4 of the following 5 questions (9 points each):

1. Explain how a DDoS attack is mounted, and how it can be detected and dealt with
2. Explain the purpose and method of building honeypots and honeynets
3. Explain how fingerprinting works, and how it can be used for authentication
4. Explain how a firewall works, and the difference between a packet filter and application gateway
5. Suppose that one of the bits of the plaintext was flipped just before encryption. How would this affect the ciphertext if the encryption was done using 3DES: (1) in ECB mode; (2) in CBC mode; (3) in OFB mode

Part C. Answer the following two questions (20 points each):

1. Explain the goals of Zero-Knowledge and outline the Fiat-Shamir authentication algorithm
2. Explain each of the steps of the RC5 encryption algorithm. What are the advantages of RC5? Does your implementation of RC5 (in the exercise) enjoy these advantages?